The EU AI Act's entire compliance architecture hangs on one question: what risk category does your AI system fall into? Get this right, and you know exactly what obligations apply. Get it wrong, and you are either over-investing in compliance you do not need or — worse — under-compliant for a system that regulators consider high-risk.

This article walks through the classification process step by step. Not the legal text — the practical exercise of taking a real AI system in your organisation and determining where it sits.

Why classification is the first move

Before you draft documentation, implement monitoring, or brief your DSB, you need to classify. Everything else is downstream. A minimal-risk system needs basic records. A high-risk system needs conformity assessments, technical documentation, risk management, and human oversight. The difference in effort is an order of magnitude.

Most DACH enterprises we work with run 3–15 AI systems, from production workflows to internal tools to third-party SaaS with embedded AI. The classification exercise typically takes half a day for the initial pass and surfaces at least one surprise — usually a system nobody thought about that turns out to be limited or high-risk.

The four risk levels, practically applied

Unacceptable risk: the bright line

The AI Act outright prohibits certain AI applications. In practice, this list is short and specific:

  • Social scoring by public authorities or on behalf of them
  • Real-time remote biometric identification in publicly accessible spaces for law enforcement (with narrow exceptions)
  • Exploitation of vulnerabilities of persons due to age, disability, or social or economic situation
  • Emotion recognition in workplaces and educational institutions
  • Untargeted scraping of facial images from the internet or CCTV for facial recognition databases
  • Biometric categorisation based on sensitive attributes (race, political opinions, religious beliefs, sexual orientation)
  • Predictive policing based solely on profiling or personality assessment

The practical check: Review your AI inventory. Does any system monitor employee emotions? Score customers based on social behaviour? Use biometric data for classification by sensitive attributes? If yes, that system must be decommissioned immediately — the prohibition took effect in February 2025.

For most DACH enterprises in insurance, manufacturing, financial services, or professional services, this category produces zero matches. But run the check anyway and document the result.

High-risk: the heavyweight category

A system is high-risk if it falls into one of two paths:

Path 1 — Annex I products. If your AI system is a safety component of, or itself constitutes, a product covered by existing EU harmonised legislation (medical devices, machinery, toys, lifts, radio equipment, aviation, automotive, rail, marine), and that product requires a third-party conformity assessment, the AI system is high-risk.

Path 2 — Annex III use cases. The AI Act lists specific application areas in Annex III:

  1. Biometric identification and categorisation of natural persons
  2. Management and operation of critical infrastructure
  3. Education and vocational training (access, assessment, monitoring)
  4. Employment, workers management, access to self-employment
  5. Access to and enjoyment of essential private and public services (credit, insurance, social benefits, emergency services)
  6. Law enforcement
  7. Migration, asylum, border control management
  8. Administration of justice and democratic processes

The practical check for DACH enterprises:

  • HR/recruiting: If you use AI to screen CVs, rank candidates, score interviews, or monitor employee performance, that is high-risk. This includes third-party HR tools with embedded AI.
  • Insurance: If AI assesses risk for policy pricing, evaluates claims eligibility, or determines coverage, that is high-risk.
  • Financial services: Credit scoring, loan origination decisions, fraud detection systems that block transactions — all high-risk.
  • Critical infrastructure: AI managing energy grids, water systems, digital infrastructure, or transport logistics — high-risk.
  • Internal tools: An AI system that automates internal task allocation or performance reviews — potentially high-risk under the employment category.

High-risk classification triggers: conformity assessment, risk management system, data governance requirements, technical documentation, record-keeping, transparency obligations, human oversight, accuracy and robustness requirements, and registration in the EU AI database.

Limited risk: transparency is the obligation

Systems classified as limited risk must meet transparency requirements. The key triggers:

  • AI systems that interact with natural persons (chatbots, virtual assistants) — users must be informed they are interacting with AI
  • Emotion recognition or biometric categorisation systems (where not prohibited) — subjects must be informed
  • AI-generated or manipulated content (deepfakes, synthetic text, images, audio, video) — must be labelled as AI-generated

The practical check: Do you have customer-facing chatbots? AI content generators? Virtual assistants? These are limited risk. The obligation is disclosure, not documentation overhaul. But the disclosure must be clear, timely, and accessible.

Minimal risk: the default

Everything else. Spam filters, recommendation engines, predictive text, AI-enhanced search, process automation that does not involve any of the above categories. No specific AI Act obligations, though DSGVO and general product safety rules still apply.

The practical check for Mittelstand companies: Document classification, invoice processing, internal knowledge retrieval, manufacturing process optimisation, supply chain forecasting, marketing analytics — these typically fall here. The AI Act does not create new obligations for these systems. But classify them explicitly and keep the record. For more on what this means for mid-market companies specifically, see What the EU AI Act Means for Mittelstand Companies.

The classification trap: when deployers become providers

Here is where many companies get caught. You deploy a third-party AI system — say, a foundation model via an API — for a specific workflow. As a deployer, your obligations are lighter. But then you fine-tune the model on your data. Or you add a custom classification layer. Or you use the system for a purpose the provider did not intend.

Under the AI Act, if you substantially modify a high-risk AI system or change its intended purpose, you are reclassified as a provider. Provider obligations are significantly heavier: you inherit the full conformity assessment, technical documentation, and risk management requirements.

The practical rule: Document the intended purpose as stated by the provider. If your use deviates from that, get a legal assessment on whether you have crossed the provider threshold. When in doubt, err on the side of caution — the cost of over-documenting is far lower than the cost of being found non-compliant.

A classification workflow for your organisation

Here is the process we use with clients:

  1. Inventory all AI systems. Include shadow AI, embedded AI in SaaS products, and pilot projects.
  2. For each system, run through the classification logic:
    • Does it fall under any Annex III use case? If yes → high-risk.
    • Is it a safety component of an Annex I product? If yes → high-risk.
    • Does it interact directly with persons, generate content, or recognise emotions? If yes → limited risk.
    • None of the above → minimal risk.
  3. For each system, determine your role: Provider or deployer? Have you modified the system or its intended purpose?
  4. Document the classification rationale. Not just the result — the reasoning. When an auditor asks "why did you classify this as minimal risk?" you need an answer that references the regulation.
  5. Review quarterly. New AI systems, new use cases, model updates, and fine-tuning can change the classification.
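The workflow above is a decision tree, and the rationale step is the part most teams skip. The following Python script is an added example (not the firm's own tool) that runs the article's classification logic over a constructed inventory and records, for every system, the level, the role, and a rationale string that can go straight into the audit file. It also runs the prohibited-practices check from the earlier section before anything else, because the same capability (emotion recognition, for instance) is prohibited in the workplace but only limited risk elsewhere. The system names and flag values are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Risk levels in the order the checks run; the first matching rule wins.
PROHIBITED, HIGH, LIMITED, MINIMAL = "unacceptable", "high", "limited", "minimal"


@dataclass
class AISystem:
    """Yes/no answers to the article's practical checks, recorded per system."""
    name: str
    prohibited_practice: bool = False        # social scoring, workplace emotion recognition, ...
    annex_iii_area: Optional[str] = None     # e.g. "employment", "essential services", or None
    annex_i_safety_component: bool = False   # safety component of a third-party-assessed product
    interacts_with_persons: bool = False     # chatbot, virtual assistant
    generates_content: bool = False          # synthetic text, images, audio, video
    emotion_or_biometric_cat: bool = False   # emotion recognition / biometric categorisation
    role: str = "deployer"                   # "provider" or "deployer" as initially assumed
    modified_or_repurposed: bool = False     # fine-tuned, custom layer, or new intended purpose


@dataclass
class Classification:
    level: str
    role: str
    rationale: List[str] = field(default_factory=list)


def classify(s: AISystem) -> Classification:
    why: List[str] = []

    # Step 0: prohibited practices come first; a match ends the exercise for this system.
    if s.prohibited_practice:
        why.append("matches a prohibited practice; decommission "
                   "(prohibition in force since February 2025)")
        return Classification(PROHIBITED, s.role, why)

    # Step 2: the two high-risk paths, then the transparency triggers, then the default.
    if s.annex_iii_area:
        level = HIGH
        why.append(f"Annex III use case: {s.annex_iii_area}")
    elif s.annex_i_safety_component:
        level = HIGH
        why.append("safety component of an Annex I product requiring "
                   "third-party conformity assessment")
    elif s.interacts_with_persons or s.generates_content or s.emotion_or_biometric_cat:
        level = LIMITED
        why.append("transparency trigger: interacts with persons, generates content, "
                   "or performs emotion recognition / biometric categorisation")
    else:
        level = MINIMAL
        why.append("no prohibited-practice, Annex I/III or transparency trigger matched; "
                   "minimal risk by default")

    # Step 3: role. Substantially modifying or repurposing a high-risk system
    # turns a deployer into a provider, with the full provider obligations.
    role = s.role
    if level == HIGH and role == "deployer" and s.modified_or_repurposed:
        role = "provider"
        why.append("deployer substantially modified or repurposed a high-risk system; "
                   "reclassified as provider")
    return Classification(level, role, why)


def classify_inventory(inventory: List[AISystem]) -> Dict[str, Classification]:
    """Step 4: one record per system, rationale included, ready for the audit file."""
    return {s.name: classify(s) for s in inventory}


# Constructed sample inventory (hypothetical systems, not drawn from any real client).
SAMPLE_INVENTORY = [
    AISystem("cv-screening-saas", annex_iii_area="employment", modified_or_repurposed=True),
    AISystem("support-chatbot", interacts_with_persons=True),
    AISystem("workplace-mood-monitor", prohibited_practice=True, emotion_or_biometric_cat=True),
    AISystem("invoice-ocr"),
]

if __name__ == "__main__":
    for name, c in classify_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {c.level} risk, role={c.role}")
        for line in c.rationale:
            print(f"  - {line}")
```

Re-running the script at each quarterly review (step 5) against the updated inventory shows which classifications moved and why; the rationale lines are what you hand to the auditor when asked why a system is minimal risk.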

What comes after classification

Classification is not an end point. It is the starting line. Once you know the risk level, the compliance path becomes clear:

  • Minimal risk: Maintain your inventory. Apply DSGVO where applicable. Done.
  • Limited risk: Implement transparency disclosures. Label AI-generated content. Done.
  • High-risk: Begin conformity assessment preparation. Build or update technical documentation. Implement risk management, data governance, human oversight, and monitoring. This is a project.

For the full compliance framework, see the EU AI Act Compliance Guide. For help running a DPIA alongside your classification, see How to Run a DPIA for AI.

If you are unsure about the classification of a specific system, or if your AI portfolio spans multiple risk categories, book a Fit Call. We will walk through your systems and classify them — no guesswork, no legal ambiguity.